Description
[Netwalker](https://attack.mitre.org/software/S0457) is fileless ransomware written in PowerShell and executed directly in memory. (Citation: TrendMicro Netwalker May 2020)
Techniques Used by This Malware
- T1027.009 — Embedded Payloads
- T1027.010 — Command Obfuscation
- T1047 — Windows Management Instrumentation
- T1055.001 — Dynamic-link Library Injection
- T1059.001 — PowerShell
- T1059.003 — Windows Command Shell
- T1082 — System Information Discovery
- T1105 — Ingress Tool Transfer
- T1106 — Native API
- T1112 — Modify Registry
- T1140 — Deobfuscate/Decode Files or Information
- T1486 — Data Encrypted for Impact
- T1489 — Service Stop
- T1490 — Inhibit System Recovery
- T1518.001 — Security Software Discovery
- T1562.001 — Disable or Modify Tools
- T1569.002 — Service Execution
- T1570 — Lateral Tool Transfer